The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and crypto funds.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
Microsoft

Copilot Studio agent security: Top 10 risks you can detect and prevent

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real ...

Once-hobbled Lumma Stealer is back with lures that are hard to resist

“LummaStealer is back at scale, despite a major 2025 law-enforcement takedown that disrupted thousands of its command-and-control domains,” researchers from security firm Bitdefender wrote. “The ...

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.
PCMag on MSN

Windows 10 Security Alert: Do This Now to Reduce Your Risk of Being Hacked

Now that Windows 10 has reached the end of support, it's increasingly appealing to cybercriminals. While upgrading is recommended, you don't have to switch immediately—here's how you can keep your ...
ZDNet

15+ best Alexa commands to make your home work smarter (Prime not required)

Follow ZDNET: Add us as a preferred source on Google. Virtual assistants will soon be as commonplace as smartphones -- in many parts of the world, they already are. Most smartphones have a built-in ...